correlr/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add traefik configuration

Browse source
This commit is contained in:
Correl Roush 2024-11-24 20:34:37 -05:00
parent 056f125cc0
commit e2073fbd30
16 changed files with 515 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
roles/traefik/files/conf.d/atma.yaml Normal file
View file

@ -0,0 +1,16 @@
http:
routers:
atma-public:
rule: "Host(`atma.phoenixinquis.net`) || Host(`atma.phoenixinquis.is-a-geek.org`)"
entryPoints:
- websecure
tls:
certResolver: dyndns
service: atma
services:
atma:
loadBalancer:
servers:
- url: "http://reason.sailmaker:80"
passHostHeader: true

16
roles/traefik/files/conf.d/calibre.yaml Normal file
View file

@ -0,0 +1,16 @@
http:
routers:
calibre-public:
rule: "Host(`calibre.phoenixinquis.is-a-geek.org`) || Host(`calibrep.phoenixinquis.is-a-geek.org`)"
entryPoints:
- websecure
tls:
certresolver: dyndns
service: calibre
services:
calibre:
loadBalancer:
servers:
- url: "http://reason.sailmaker:80"
passHostHeader: true

16
roles/traefik/files/conf.d/fedi.yaml Normal file
View file

@ -0,0 +1,16 @@
http:
routers:
fedi-public:
rule: "Host(`fedi.fenix.lgbt`)"
entryPoints:
- websecure
tls:
certresolver: fenix.lgbt
service: fedi
services:
fedi:
loadBalancer:
servers:
- url: "http://reason.sailmaker:3030"
passHostHeader: true

35
roles/traefik/files/conf.d/git.yaml Normal file
View file

@ -0,0 +1,35 @@
http:
routers:
git-public:
rule: "Host(`git.phoenixinquis.net`)"
entryPoints:
- websecure
tls:
certresolver: dyndns
service: git
middlewares:
# - git-ratelimit
- git-block-uas
services:
git:
loadBalancer:
servers:
- url: "http://reason.sailmaker.fenix.lgbt:80"
passHostHeader: true
middlewares:
git-ratelimit:
rateLimit:
average: 10
burst: 30
period: 1m
git-block-uas:
plugin:
traefik-plugin-blockuseragent:
Regex :
- "facebookexternalhit"
- "meta-externalagent"
- "Amazonbot"
- "SemrushBot"
- "DotBot"

25
roles/traefik/files/conf.d/homeassistant.yaml Normal file
View file

@ -0,0 +1,25 @@
http:
routers:
homeassistant-public:
rule: "Host(`hass.karai.is-a-geek.org`) || Host(`hass.phoenixinquis.is-a-geek.org`)"
entryPoints:
- websecure
tls:
certResolver: dyndns
service: homeassistant
homeassistant-internal:
rule: "Host(`homeassistant.sailmaker.fenix.lgbt`)"
entryPoints:
- websecure
tls:
domains:
- main: "*.sailmaker.fenix.lgbt"
certResolver: fenix.lgbt
service: homeassistant
services:
homeassistant:
loadBalancer:
servers:
- url: "http://192.168.1.13:8123"
passHostHeader: true

16
roles/traefik/files/conf.d/misc.yaml Normal file
View file

@ -0,0 +1,16 @@
http:
routers:
misc-public:
rule: "Host(`misc.phoenixinquis.net`) || Host(`misc.phoenixinquis.is-a-geek.org`)"
entryPoints:
- websecure
tls:
certResolver: dyndns
service: misc
services:
misc:
loadBalancer:
servers:
- url: "http://reason.sailmaker:80"
passHostHeader: true

16
roles/traefik/files/conf.d/nextcloud.yaml Normal file
View file

@ -0,0 +1,16 @@
http:
routers:
cloud-public:
rule: "Host(`cloud.phoenixinquis.net`) || Host(`cloud.phoenixinquis.is-a-geek.org`)"
entryPoints:
- websecure
tls:
certResolver: dyndns
service: cloud
services:
cloud:
loadBalancer:
servers:
- url: "http://reason.sailmaker:80"
passHostHeader: true

23
roles/traefik/files/conf.d/playcrafters.yaml Normal file
View file

@ -0,0 +1,23 @@
http:
routers:
playcrafters-public:
rule: "Host(`playcrafters.phoenixinquis.net`)"
entryPoints:
- websecure
tls:
certresolver: dyndns
service: playcrafters
playcrafters-public-dyndns:
rule: "Host(`playcrafters.karai.is-a-geek.org`)"
entryPoints:
- websecure
tls:
certresolver: dyndns
service: playcrafters
services:
playcrafters:
loadBalancer:
servers:
- url: "http://reason.sailmaker:80"
passHostHeader: true

213
roles/traefik/files/conf.d/sailmaker.yaml Normal file
View file

@ -0,0 +1,213 @@
_templates:
internal-tls-router: &sailmaker-tls
entryPoints:
- websecure
tls:
domains:
- main: "*.sailmaker.fenix.lgbt"
certresolver: fenix.lgbt
public-tls-router: &public-tls
entryPoints:
- websecure
tls:
certresolver: dyndns
http:
routers:
freepbx-internal:
rule: "Host(`freepbx.sailmaker.fenix.lgbt`)"
service: freepbx
<<: *sailmaker-tls
grafana-internal:
rule: "Host(`grafana.sailmaker.fenix.lgbt`)"
service: grafana
<<: *sailmaker-tls
homepage-internal:
rule: "Host(`sailmaker.fenix.lgbt`)"
service: heimdall
<<: *sailmaker-tls
jellyfin-internal:
rule: "Host(`jellyfin.sailmaker.fenix.lgbt`)"
service: jellyfin
<<: *sailmaker-tls
lldap-internal:
rule: "Host(`ldap.sailmaker.fenix.lgbt`)"
service: lldap
<<: *sailmaker-tls
loki-internal:
rule: "Host(`loki.sailmaker.fenix.lgbt`)"
service: loki
<<: *sailmaker-tls
plex-internal:
rule: "Host(`plex.sailmaker.fenix.lgbt`)"
service: plex
<<: *sailmaker-tls
proxmox-internal:
rule: "Host(`proxmox.sailmaker.fenix.lgbt`)"
service: proxmox
<<: *sailmaker-tls
prowlarr-internal:
rule: "Host(`prowlarr.sailmaker.fenix.lgbt`)"
service: prowlarr
<<: *sailmaker-tls
radarr-internal:
rule: "Host(`radarr.sailmaker.fenix.lgbt`)"
service: radarr
<<: *sailmaker-tls
correl-internal:
rule: "Host(`correl.sailmaker.fenix.lgbt`)"
service: roam
<<: *sailmaker-tls
hugo-internal:
rule: "Host(`hugo.sailmaker.fenix.lgbt`)"
service: hugo
<<: *sailmaker-tls
omada-internal:
rule: "Host(`omada.sailmaker.fenix.lgbt`)"
service: omada
<<: *sailmaker-tls
sabnzbd-internal:
rule: "Host(`sabnzbd.sailmaker.fenix.lgbt`)"
service: sabnzbd
<<: *sailmaker-tls
sonarr-internal:
rule: "Host(`sonarr.sailmaker.fenix.lgbt`)"
service: sonarr
<<: *sailmaker-tls
tautulli-internal:
rule: "Host(`tautulli.sailmaker.fenix.lgbt`)"
service: tautulli
<<: *sailmaker-tls
traefik-internal:
rule: "Host(`traefik.sailmaker.fenix.lgbt`)"
service: traefik
<<: *sailmaker-tls
transmission-internal:
rule: "Host(`transmission.sailmaker.fenix.lgbt`)"
service: transmission
<<: *sailmaker-tls
webhook-internal:
rule: "Host(`webhook.sailmaker.fenix.lgbt`)"
service: webhook
<<: *sailmaker-tls
webhook-public:
rule: "Host(`webhook.phoenixinquis.net`)"
service: requestbin
<<: *public-tls
whisparr-internal:
rule: "Host(`whisparr.sailmaker.fenix.lgbt`)"
service: whisparr
<<: *sailmaker-tls
whoogle-internal:
rule: "Host(`whoogle.sailmaker.fenix.lgbt`)"
service: whoogle
<<: *sailmaker-tls
wireguard-dashboard-internal:
rule: "Host(`wireguard.sailmaker.fenix.lgbt`)"
service: wireguard-dashboard
<<: *sailmaker-tls
services:
freepbx:
loadBalancer:
servers:
- url: "http://192.168.1.20"
grafana:
loadBalancer:
servers:
- url: "http://reason.sailmaker:3001"
heimdall:
loadBalancer:
servers:
- url: "http://heimdall-dashboard.sailmaker.fenix.lgbt:7990"
homepage:
loadBalancer:
servers:
- url: "http://reason.sailmaker:3000"
hugo:
loadBalancer:
servers:
- url: "http://reason.sailmaker.fenix.lgbt:1215"
jellyfin:
loadBalancer:
servers:
- url: "http://reason.sailmaker:8096"
lldap:
loadBalancer:
servers:
- url: "http://lldap.sailmaker.fenix.lgbt:17170"
loki:
loadBalancer:
servers:
- url: "http://reason.sailmaker.fenix.lgbt:3100"
omada:
loadBalancer:
servers:
- url: "http://oc200_d12a99.sailmaker.fenix.lgbt"
plex:
loadBalancer:
servers:
- url: "http://reason.sailmaker.fenix.lgbt:32400"
proxmox:
loadBalancer:
passHostHeader: true
serversTransport: pve
servers:
- url: "https://nomadix.sailmaker.fenix.lgbt:8006"
prowlarr:
loadBalancer:
servers:
- url: "http://reason.sailmaker.fenix.lgbt:9696"
radarr:
loadBalancer:
servers:
- url: "http://reason.sailmaker.fenix.lgbt:7878"
requestbin:
loadBalancer:
servers:
- url: "http://reason.sailmaker.fenix.lgbt:8009"
roam:
loadBalancer:
servers:
- url: "http://reason.sailmaker.fenix.lgbt:1214"
sabnzbd:
loadBalancer:
servers:
- url: "http://reason.sailmaker.fenix.lgbt:8080"
sonarr:
loadBalancer:
servers:
- url: "http://reason.sailmaker.fenix.lgbt:8989"
tautulli:
loadBalancer:
servers:
- url: "http://reason.sailmaker.fenix.lgbt:80"
passHostHeader: true
traefik:
loadBalancer:
servers:
- url: "http://192.168.1.8:8080"
transmission:
loadBalancer:
servers:
- url: "http://reason.sailmaker.fenix.lgbt:9091"
webhook:
loadBalancer:
servers:
- url: "http://reason.sailmaker.fenix.lgbt:9000"
whisparr:
loadBalancer:
servers:
- url: "http://reason.sailmaker.fenix.lgbt:6969"
whoogle:
loadBalancer:
servers:
- url: "http://192.168.1.15:5000"
wireguard-dashboard:
loadBalancer:
servers:
# Reason (old)
- url: "http://192.168.1.183:51821"
# Nomadix (new)
# - url: "http://192.168.1.6:10086"
serversTransports:
pve:
insecureSkipVerify: true

14
roles/traefik/files/conf.d/syncthing.yaml Normal file
View file

@ -0,0 +1,14 @@
http:
routers:
syncthing-local:
rule: "Host(`syncthing.sailmaker`)"
entryPoints:
- web
service: syncthing
services:
syncthing:
loadBalancer:
servers:
- url: "http://reason.sailmaker:8384"
passHostHeader: true

16
roles/traefik/files/conf.d/tutor.yaml Normal file
View file

@ -0,0 +1,16 @@
http:
routers:
tutor-public:
rule: "Host(`tutor.phoenixinquis.net`) || Host(`tutor.phoenixinquis.is-a-geek.org`)"
entryPoints:
- websecure
tls:
certresolver: dyndns
service: tutor
services:
tutor:
loadBalancer:
servers:
- url: "http://reason.sailmaker:80"
passHostHeader: true

16
roles/traefik/files/conf.d/wallabag.yaml Normal file
View file

@ -0,0 +1,16 @@
http:
routers:
wallabag-public:
rule: "Host(`wallabag.phoenixinquis.is-a-geek.org`)"
entryPoints:
- websecure
tls:
certresolver: dyndns
service: wallabag
services:
wallabag:
loadBalancer:
servers:
- url: "http://reason.sailmaker:80"
passHostHeader: true

75
roles/traefik/files/traefik.yaml Normal file
View file

@ -0,0 +1,75 @@
providers:
file:
directory: /etc/traefik/conf.d/
watch: true
entryPoints:
web:
address: ':80'
http:
redirections:
entryPoint:
to: websecure
scheme: https
websecure:
address: ':443'
http:
tls:
certResolver: letsencrypt
traefik:
address: ':8080'
certificatesResolvers:
# letsencrypt:
# acme:
# email: "correl@gmail.com"
# storage: /etc/traefik/ssl/acme.json
# dnsChallenge:
# provider: route53
# delayBeforeCheck: 0
fenix.lgbt:
acme:
email: "correl@gmail.com"
storage: /etc/traefik/ssl/acme-fenix.lgbt.json
dnsChallenge:
provider: route53
delayBeforeCheck: 0
dyndns:
acme:
email: "correl@gmail.com"
storage: /etc/traefik/ssl/acme-dyndns.json
tlsChallenge: {}
api:
dashboard: true
insecure: true
log:
filePath: /var/log/traefik/traefik.log
format: json
level: INFO
accessLog:
filePath: /var/log/traefik/traefik-access.log
format: json
filters:
statusCodes:
- "200"
- "400-599"
retryAttempts: true
minDuration: "10ms"
bufferingSize: 0
fields:
headers:
defaultMode: drop
names:
User-Agent: keep
metrics:
prometheus: {}
experimental:
plugins:
traefik-plugin-blockuseragent:
moduleName: "github.com/agence-gaya/traefik-plugin-blockuseragent"
version: "v0.1.7"

4
roles/traefik/handlers/main.yml Normal file
View file

@ -0,0 +1,4 @@
- name: restart traefik
service:
name: traefik
status: restarted

9
roles/traefik/tasks/main.yml Normal file
View file

@ -0,0 +1,9 @@
- name: Copy main configuration
copy:
src: traefik.yaml
dest: /etc/traefik/traefik.yaml
notify: restart traefik
- name: Copy additional configuration
copy:
src: conf.d
dest: /etc/traefik

5
promtail.yml → traefik.yml
View file

@ -1,3 +1,8 @@
- name: Manage traefik server
hosts: traefik
become: true
roles:
- traefik
- name: Manage promtail service
hosts: traefik
become: true